CCSK Practice Tests by Malisow Ben

Author: Malisow, Ben
Language: eng
Format: epub
Publisher: Maladjusted Works
Published: 2021-01-02T16:00:00+00:00


Domain 2 Answers

26. Answer: D

See page 28 of the Cloud Security Alliance (CSA) Security Guidance v4.

27. Answer: B

Every organization is responsible for its own governance. See page 28 of the Cloud Security Alliance (CSA) Security Guidance v4.

Organizations can, and often do, outsource the business functions listed in the other answers.

28. Answer: A

According to the Cloud Security Alliance (CSA) Security Guidance v4 (page 28), cloud providers try to leverage economies of scale for these purposes.

The other answers may, in fact, be things that cloud providers also do, but A is the correct answer according to the Guidance.

29. Answer: B and C

See page 29 of the Cloud Security Alliance (CSA) Security Guidance v4.

30. Answer: B

According to the Cloud Security Alliance (CSA) Security Guidance v4 (page 29), the contract is the only guarantee of service and commitment (aside from legal action).

31. Answer: D

The customer should know what the assessment/audit actually reviewed, not just which standard was used as the basis for the review. See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.

The inflation rate is a measure of the soundness of a particular currency, and doesn’t really have anything to do with audits of cloud providers. The type of hypervisor the provider uses isn’t particularly pertinent, as long as the assessment/audit determined whether the appropriate controls were used to secure it (and that those controls are functioning properly). Knowledge of the market isn’t critical when reviewing an assessment/audit.

32. Answer: B

The size of the audit effort (or audit provider) is not typically indicative of whether the audit is meaningful and trustworthy.

All the other answers are, in fact, reasons to trust a particular auditor/firm. See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.

33. Answer: B

The CSA Security, Trust, and Risk program registry is a centralized collection of cloud provider assessments. (See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.)

The CCM and CAIQ are assessment tools used by providers to create content for the STAR Registry. There is no OIP, which I made up.

34. Answer: C

Risk management in the cloud is often described as a shared responsibilities model; the provider is responsible for managing certain risks, while the customer is responsible for others. (See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.)

The Bell-LaPadula model is an access control model. A covert channel is an attack method for observing target activity. Risk management cannot be totally outsourced.

35. Answer: A and D

The Cloud Security Alliance (CSA) Security Guidance v4 (page 30) specifically notes that good contracts and documentation (from the provider) are essential to enterprise risk management in the cloud.

An equity stake, public interest, and physical distance between the parties do not significantly affect risk management.

36. Answer: B

Senior management of each organization will determine the risk tolerance (also referred to as “risk appetite” or “risk threshold”) of a particular organization. (See page 31 of the Cloud Security Alliance (CSA) Security Guidance v4.)

37. Answer: C

According to the Cloud Security Alliance (CSA) Security Guidance v4 (page 31), SaaS demonstrates the most critical need for a negotiated contract.
